If this is your first visit, be sure to
check out the Forum Rules by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

I realize he began this thread to ask about the faults and insecurities regarding WEP, but continuing along the category of wireless security, how effective would you say WPA is? I understand that using the right wordlist is necessary to make cracking WPA feasible, but should the AP have a non-comprehensive password not revolving around a real word, what's the chances someone could crack that?

An example might be a password of "123abc456def" Most wordlists I've seen revolve around real words and "l337" words.

I realize he began this thread to ask about the faults and insecurities regarding WEP, but continuing along the category of wireless security, how effective would you say WPA is? I understand that using the right wordlist is necessary to make cracking WPA feasible, but should the AP have a non-comprehensive password not revolving around a real word, what's the chances someone could crack that?

An example might be a password of "123abc456def" Most wordlists I've seen revolve around real words and "l337" words.

Would WPA be the safest home-use network security for wireless APs?

at this time the only way to crack wpa is with the password you could have a 50 Terabyte password list but if the actual password is not in the list than you will never crack it.

a password like this but 63 charters would be uncrackable a~.<)Q{}^*d2*x~\K|>:;T'[^r@9n could you imagine how big your password list would need to be i believe 11111111 to 99999999 is like 11gbs

3. furthermore, I started playing with "arping", "fping" and "hping" in BT3.

For me it's important to figure serveral approaches to one problem. I try to start working my way through and understand more. I want this post to be interesting and informative, so thanks for reading first of all and thanks for giving some advice, too. I shall keep you posted on the progress - that's the only way to make a post rational and gives it orientation. Thanks

Cheers

Dionysos

PS I guess WPA is a challenge and from the idea itself: it s safe. But how many XP users out of 100 will click on "accept the certificate", even though it s faked and someone is playing with the net.
For some nice tables regarding WPA, check the shmoo group's website.

PS I guess WPA is a challenge and from the idea itself: it s safe. But how many XP users out of 100 will click on "accept the certificate", even though it s faked and someone is playing with the net.
For some nice tables regarding WPA, check the shmoo group's website.

This has nothing to do with WPA, and as long as you use a strong passphrase along with WPA there is no reason to fear that anyone would gain access to your AP and be able to perform a MITM attack on you. There are naturally other ways to perform a MITM than to gain access to a wireless AP, but these scenarios have even less to do with WPA encryption than the previously mentioned.

Catch your point! It was my lunch break so I had to be quick, minds flowing faster than I could write. I will be more precise in explaining myself in future, so to straighten this out:

I asked myself the question: How many out of 100 WinXP users will accept a fake certificate from someone who is playing with net (actually performing a MITM attack, as you stated correctly)==> 80?! maybe 90?!
Thus, refering to the discussed points concerning WPA:
How many out of 100 WinXP users will choose a sensible password or passphrase(length!) when setting up the WPA secured network?! 60?! 70?!
It's gotta be quick today, with setting up things - accomplishing something. That's my opinion. Most people don't think about it due to the lack of knowledge or simply ignorance: Media puts "WPA" is bulletproof in a headline and that's for a lot of people out there all they wanna know. Otherwise, when set up sensibly, WPA seems to be a very safe solution.

Quoting a professor of my brother: (prof asking the students)

"How do you choose a password?"
Student: "Case sensitive. Use numbers and special characters"
Professor: "You don't choose a password! You choose the length of the pw and create a random chain of characters!"

(I hope this didn't get lost in translation)

==>If you wanna play around with your router and see what kind of WPA-passwords one can actually hack by using precomputed tables: the tables of the shmoo group are a good source!

In fact the MITM has nothing to do with cracking keys of WEP or WPA networks. Hope I made myself clear this time.

I asked myself the question: How many out of 100 WinXP users will accept a fake certificate from someone who is playing with net (actually performing a MITM attack, as you stated correctly)==> 80?! maybe 90?!
Thus, refering to the discussed points concerning WPA:
How many out of 100 WinXP users will choose a sensible password or passphrase(length!) when setting up the WPA secured network?! 60?! 70?!
It's gotta be quick today, with setting up things - accomplishing something. That's my opinion. Most people don't think about it due to the lack of knowledge or simply ignorance: Media puts "WPA" is bulletproof in a headline and that's for a lot of people out there all they wanna know. Otherwise, when set up sensibly, WPA seems to be a very safe solution.

Well now I understand the connection between the two that you were trying to make, pardon my last reply but as you say yourself your previous post was rather unclear.

I absolutely agree on that most people, especially windows users, probably are so used to clicking on pop-ups that they will blindly accept next to anything without paying any real attention to the actual warning message. I would believe that this same thoughtlessness often applies to WPA as well as any other service requiring you to choose your own password and remember it.

I can't refrain from citing Pureh@te's signature here as I find it to be one of the more insightful out there and it indeed is relevant to this subject: Social engineering, because there is no patch for human stupidity!

I totally agree ReckaH although the post you quoted isn't the only one. Time and time again this type of response is seen on these forums by big mouths but also by people who should know better. I saw this thread from the very first post by Dionysos and watched as the type of posts I expected to appear unfortuneatly did.

Come on lads, it aint that hard to distinguish between the dicks that want to piss about with their neighbours network and people that are starting out and want to learn.